Access tokens classic
- Reference
- 2-min read
This article discusses access tokens used in previous Dynatrace to authenticate to classic Configuration and Environment APIs. For the latest Dynatrace access, see Platform tokens and OAuth clients.
All external access to your Dynatrace monitoring environment relies on two pieces of information: the environment ID and an access token.
Dynatrace uses several types of tokens:
- Access tokens and personal access tokens grant access to:
- Dynatrace API
- Download of OneAgent and ActiveGate installers
- Personal access tokens grant access to some endpoints of Dynatrace API
- Tenant tokens allow OneAgent to report data to Dynatrace
Token format
Dynatrace uses a unique token format consisting of three components separated by dots (.).
Token example
dt0s01.ST2EY72KQINMH574WMNVI7YN.G3DFPBEJYMODIDAEX454M7YWBUVEFOWKPRVMWFASS64NFH52PX6BNDVFFM572RZM
Token components
Token prefixes
This predictable format offers you several capabilities:
- Use Git pre-commit hooks to avoid pushing tokens to source code repositories (for example, using tools like git-secrets)
- Define masking rules to obfuscate the secret portions of tokens when writing log files
- Detect tokens in internal files or communications
- Enable the GitHub secret scanning service to identify any token pushed to a public GitHub repository
Use this regular expression to look for tokens:
dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64}
With the rollout of Dynatrace version 1.210, this format is enabled by default (all newly generated tokens will use the new format).
All existing tokens of the old format remain valid.
Disable the new format
For a limited time, you can opt out of using the new token format:
-
Go to Settings > Integration > Token settings.
-
Turn off Create Dynatrace API tokens in the new format.
Generate an access token
To generate an access token:
- Go to
Access Tokens. - Select Generate new token.
- Enter a name for your token.
Dynatrace doesn't enforce unique token names. You can create multiple tokens with the same name. Be sure to provide a meaningful name for each token you generate. Proper naming helps you to efficiently manage your tokens and perhaps delete them when they're no longer needed. - Select the required scopes for the token.
- Select Generate token.
- Copy the generated token to the clipboard. Store the token in a password manager for future use.
You can only access your token once upon creation. You can't reveal it afterward.
Token scopes
Access tokens have fine-grained scopes to limit access to specific product functionality for security reasons.